Visited Porn? Web Browser Flaw Secretly Bares All

SAN FRANCISCO (AP) — Dozens of websites have been secretly harvesting lists of places that their users previously visited online, everything from news articles to bank sites to pornography, a team of computer scientists found.

The information is valuable for con artists to learn more about their targets and send them personalized attacks. It also allows e-commerce companies to adjust ads or prices — for instance, if the site knows you’ve just come from a competitor that is offering a lower price.

Although passwords aren’t at risk, in harvesting a detailed list of where you’ve been online, sites can create thorough profiles of their users.

The technique the University of California, San Diego researchers investigated is called “history sniffing” and is a result of the way browsers interact with websites and record where they’ve been. A few lines of programming code are all a site needs to pull it off.

Although security experts have known for nearly a decade that such snooping is possible, the latest findings offer some of the first public evidence of sites exploiting the problem. Current versions of the Firefox and Internet Explorer browsers still allow this, as do older versions of Chrome and Safari, the researchers said.

The report adds to growing worry about surreptitious surveillance by Internet companies and comes as federal regulators in the U.S. are proposing a “Do Not Track” tool that would prevent advertisers from following consumers around online to sell them more products.

The researchers found 46 sites, ranging from smutty to staid, that tried to pry loose their visitors’ browsing histories using this technique, sometimes with homegrown tracking code. Nearly half of the 46 sites, including financial research site Morningstar.com and news site Newsmax.com, used an ad-targeting company, Interclick, which says its code was responsible for the tracking.

Interclick said the tracking was part of an eight-month experiment that the sites weren’t aware of. The New York company said it stopped using the technique in October because it wasn’t successful in helping match advertisers to groups of Internet users. Interclick emphasized that it didn’t store the browser histories.

Morningstar said it ended its relationship with Interclick when it found out about the program, and NewsMax said it didn’t know that history sniffing had been used on its users until The Associated Press called. NewsMax said it is investigating.

The researchers studied far more sites — a total of the world’s 50,000 most popular sites — and said many more behaved suspiciously, but couldn’t be proven to use history sniffing. Nearly 500 of the sites studied had characteristics that suggested they could infer browsers’ histories, and more than 60 transferred browser histories to the network. But the researchers said they could only prove that 46 had done actual “history hijacking.”

“Browser vendors should have fixed this a long time ago,” said Jeremiah Grossman, an Internet security expert at WhiteHat Security Inc., which wasn’t involved in the study. “It’s more evidence that we not only needed the fix, but that people really should upgrade their browsers. Most people wouldn’t know this is possible.”

The latest versions of Google Inc.’s Chrome and Apple Inc.’s Safari have automatic protections for this kind of snooping, researchers said. Mozilla Corp. said the next version of Firefox will have the same feature, adding that a workaround exists for some older versions as well.

Microsoft Corp. noted that Internet Explorer users can enable a private browsing mode that prevents the browser from logging the user’s history, which prevents this kind of spying. But private browsing also strips away important benefits of the browser knowing its own history, such as displaying Google links you’ve visited in different colors than those you haven’t.

“It’s surprising, the lifetime that this fundamental a privacy violation can stick around,” said Hovav Shacham, an assistant professor of computer science and engineering at UC San Diego and one of the paper’s authors.

Internet companies are obsessed with tracking users’ behavior so they can target their ads better. Uproar has prompted the Federal Trade Commission to propose rules that would limit advertisers’ ability to track Internet users to show them advertisements. The “Do Not Track” tool the commission is proposing could eventually take the form of a browser setting that tells advertisers which visitors are off limits; such a setting, though, wouldn’t necessarily block history sniffing.

History sniffing is essentially a side-by-side comparison of Web pages you’ve already visited with Web pages that a particular site wants to see if you’ve visited. If there’s a match, users likely would never know, but the site administrators would learn a lot about their audiences.

For instance, a popular porn site was checking its visitors’ histories to see if they’d visited 23 other pornography sites, and the code used on the Morningstar and NewsMax.com sites looked for matches against 48 specific Web pages, all related to Ford automobiles.

Sites can carry on this kind of inspection very quickly. Grossman said modern programs can check as many as 20,000 Internet addresses per second.

Comments (45)

  • HellAndBack
    Posted on December 6, 2010 at 1:39pm

    I am an American… I’ll look at all the damn porn I wish. Don’t like me for it… that’s your right. Piss off. Porn is a multi BILLION dollar business… someone (like you) is looking. I don’t say it’s right… but that’s between me and God. Soooooo, Piss Off.

  • BORNINTOAWORLDATWAR
    Posted on December 6, 2010 at 12:19pm

    Just remember if it is electronic it leaves a trail of electrons every time.
    So do nothing that can cause you pain should someone else find out.
    Or join the Amish, I hear they are able to opt out of Obama Care too.

  • LBRTYorDTH
    Posted on December 6, 2010 at 8:02am

    Oh No!!! Another crisis; call the government to save us. Let all be controlled because a few are incapable/too ignorant of taking simple steps to protect themselves. Call your congress people and tell them to hire some more hand-holders to save us.

  • chfields62
    Posted on December 6, 2010 at 1:08am

    There is nothing you can do short of disconnecting from the internet, to safeguard your info. If someone wants it, they will get it. Luckily, most hackers aren’t interested in regular folks. Expecting privacy these days is like expecting Santa Claus to be real. It is all an illusion. If we are careful, it will get far worse. Like Glenn Beck has stated, once you have lost freedom, you never get it back……..

  • redneck hickabilly
    Posted on December 5, 2010 at 8:42pm

    vpn…. is the only way to go-it even keeps your own isp from knowing anything

  • Bad Thunder
    Posted on December 5, 2010 at 8:13pm

    Porn Profilers or PP’s for short……… no pun intended

  • sbenard
    Posted on December 5, 2010 at 7:51pm

    If they can sniff out porno sites, they can do the same with everything else. That includes my BANK info, too! Time to set Firefox to delete ALL of my history every time I close my browser window. You’d be surprised how many scripts on every website are tracking info about you. I’ve seen numerous websites, including several conservative NEWS sites visited by users of this one, that have 15-20 or more scripts invisibly embedded on EVERY SINGLE WEB PAGE!

    Everyone should also install the NoScript add-on to your Firefox browser. It blocks all scripts on all websites EXCEPT the ones you authorize. You have to proactively enable each script to permit it to work. It takes some time upon initial install to choose the scripts that you wish to enable, but it puts web users in total control. You can also use the Ghostery add-on. It has a pop-up on each web page that tells you which trackers are on that web page. You’d be very surprised at how many there are! There are usually 5-10 on EVERY web page. This is TYPICAL! You can block the ones you want, or enable them. Again, it puts you in control. If you haven’t got these installed, they are tracking you and your info without your awareness, and they’re doing it right NOW!

    No more sniffing of my BANK info!

  • New-American-Saviors
    Posted on December 5, 2010 at 7:37pm

    Use encryption, Bounce your ID, Overwrite 10X Immediately after going on any site the Government can use against you ( Figure it Out) , Sign OUT of sites such as this one and FACEBOOK,
    and UN-PLUG your computer and Internet modem if you have one at least once a week for 8-12 hrs.

    That’s about all a PC User can do with all the Adobe flash and Windows autoloads.
    Hi power wireless N usb in a Lap top may help in the short run. It’s Cat & Mouse 24/7

  • hiramsmaxim
    Posted on December 5, 2010 at 7:05pm

    Net neutrality? It offers an opposing sexual view to your current viewing? LMAO !!

  • Jim Hubbard
    Posted on December 5, 2010 at 6:39pm

    If you are stupid enough to believe that you still have personal privacy in this digital age, you probably also believe that the government doesn’t spy on its citizens and that politicians are honest.

    Being that stupid, you aren’t bound to change the world anyway, so stop worrying about the privacy that you lost long ago when you ignored the geeks’ warnings. Instead, worry about things like Santa Claus…it’ll do as much good.

  • americansfightingforcommonsense
    Posted on December 5, 2010 at 6:29pm

    Our world is collapsing around us and it seems that few people notice or even care; as long as they get what they want. Turn to God and ask for repentance. Then stop doing what you were doing and get back on track with your life. Follow Christ’s example and help those around you know the truth about the gospel of Jesus Christ. It’s the only way.

  • Tony Nagy
    Posted on December 5, 2010 at 5:37pm

    How many times are we sucked in by> ‘It’s Free’…. or you’re a winner, claim your prize!!
    As Mr’ Beck would say> “There nothing Free in the world my Friend”…. been there, done that, completely Quit that garbage… I Google Earth now for the pics I like.

  • Atrocities
    Posted on December 5, 2010 at 5:18pm

    And This Site Is No Exception – No less than 12 trackers tried to “pry” my info and or track me when I clicked on this story. ChartBeat, DoubleClickDART, GoogleAdSense, GoogleAnalytics, OmniTour, QuantCast, Bslamed, VirualInvasion, AvgOverYde, and a few others.

    This is what the left means by right wing hypocrisy Glenn!

    • JournalistStuntDouble
      Posted on December 5, 2010 at 5:47pm

      Are you listening, The Blaze?

      Lead by example.

      As a “very seasoned” web developer, I certainly understand the importance of vital analytics…but there are much better, ethical means to go about serving your ads and tracking users.

      You cannot speak out both sides of your mouth chastising these sites, railing on the evilness of net neutrality, discussing corrupt Google/government collusion on your shows (and yes, we do agree on all of these fronts), all the while adding fuel to their fire (money). If you’re not part of the solution, you’re part of the problem.

      Email me, The Blaze…I’d be humbled and honored to pass on some wisdom to your web dev team.

  • Tyr
    Posted on December 5, 2010 at 5:17pm

    $97.06 billion. in 2006 (reported to IRS)

    Pornography Statistics (as found on the internet)

    Every second – $3,075.64 is being spent on pornography.

    Every second – 28,258 internet users are viewing pornography.

    Every second – 372 internet users are typing adult search terms into search engines.

    Every 39 minutes: a new pornographic video is being created in the United States.

    As Dick Ermey says on the commercials, Get over it!

    YOU JACK-WAGONS!!

    • Midwest Belle
      Posted on December 5, 2010 at 7:23pm

      and I’ll bet fully 1/2 of the visitors of porn sites are government workers on government computers, not to mention other workers accessing porn on their work computers too. Some people are idiots.

    • Eternal Lucy
      Posted on December 5, 2010 at 9:41pm

      Just an aside here …

      The term “adult” in this context always amuses me.

      ADULT store.

      For MATURE audiences.

      It all seems so ironic and oxymoronic and completely the opposite of adulthood and maturity.

    • Bunnyslope
      Posted on December 6, 2010 at 4:17pm

      Did you combine Dick Armey and R. Lee Ermey?

  • glenng2
    Posted on December 5, 2010 at 5:11pm

    It should require a warrant to collect or store any individual’s data, period!

  • tower7femacamp
    Posted on December 5, 2010 at 4:51pm

    Porn is bad ???
    TSA is good ???

  • MeteoricLimbo
    Posted on December 5, 2010 at 4:46pm

    Peeping Toms!

  • JournalistStuntDouble
    Posted on December 5, 2010 at 4:45pm

    And if you thought using the simple “private browsing” mode in Safari, Chrome, or the future Firefox was enough, think again…

    Meet super cookies.

    “More than half of the internet’s top web sites use a little known capability of Adobe’s Flash plug-in to track users and store information about them, but only four of them mention the so-called Flash Cookies in their privacy policies.”

  • Psychosis
    Posted on December 5, 2010 at 4:30pm

    lol……….BAM!!!!!!!!!!

  • orkydorky
    Posted on December 5, 2010 at 4:30pm

    But, don’t you dare profile terrorists!

  • mossbrain
    Posted on December 5, 2010 at 4:20pm

    I won’t be running for public office so it doesn’t bother me. A word of advice, don’t go to any porn site with “granny” or “up close” in its name. Should you enter a site with both “grannie” and “up close” in the name, well, you have just gone through the gates of hell my friends.

    • Psychosis
      Posted on December 5, 2010 at 4:31pm

      EEEWWWWWwww lol

    • Skwerl E. Muckenfutch
      Posted on December 6, 2010 at 10:38am

      The rules of the Internet clearly state:
      Rule 34- If it exists, there is porn of it. No exceptions.
      Rule 36- If it exists, someone has a fetish for it. No exceptions.

  • TruthTalker
    Posted on December 5, 2010 at 3:59pm

    Don’t go to sites you wouldn’t want people to know about.

  • M31Sailor
    Posted on December 5, 2010 at 3:58pm

    Damm

    Now I have to go back to National Geographic’s

  • El Paco
    Posted on December 5, 2010 at 3:56pm

    Here’s a good way to get around the “Porn” problem. Don’t watch porn. Problem solved!!

    But yea, This doesn’t surprise me in the least. Kinda sucks, but honestly no matter what they do, some hacker kid is going to eventually get around it.

    • scuba13
      Posted on December 5, 2010 at 4:04pm

      What do you suggest that Olberman should do ?

    • El Paco
      Posted on December 5, 2010 at 4:28pm

      What do we all suggest he do??? Quit gracefully and retire to some mountain cave faaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaar away. :)

    • A Doctors Labor Is Not My Right
      Posted on December 5, 2010 at 4:36pm

      Don’t need the government involved, thank you.

      “Do Not Track” is just another government regulation – and we don’t need the vast majority that we have now. If I am wronged by some internet company, that’s what the courts are for.

      Stand up for your freedoms, America. Can’t you see government is too big?

    • 12 gauge
      Posted on December 5, 2010 at 4:38pm

      Don’t do the crime if you can’t do the time. Does anyone really think the web is private?

       
    • Uncle Sambo
      Posted on December 5, 2010 at 5:07pm

      Visit Porn Sites and your computer has a good chance of being hit with malware. Surf porn sites at your own risk.

    • Uncle Sambo
      Posted on December 5, 2010 at 5:17pm

      -12 gauge-

      “Don’t do the crime if you can’t do the time. does anyone really think the web is private?”

      Yes, if you take the proper precautions.
      Set your browser to delete its history, cache, and cookies after closing it.
      Set your cache to point to a RAM disk that neatly is completely erased after you power down. There is no way to recover the files.
      This one takes some skill. Change the registry entry in your computer to encrypt the paging file and or to delete it upon power down.
      Use a TOR (Onion Router) to browse the web.

    • snowleopard3200 {mix art}
      Posted on December 5, 2010 at 6:10pm

      The constant battle between hackers and security; one gains a brief edge, then another one finds a way around it, or an edge to stopping it. Kind of an internet Darwinian adaptation of the species in a shorter amount of time.

    • Pyx
      Posted on December 5, 2010 at 6:52pm

      SCUBA13, Keith Olbermann should not have to worry about the effects of pornography due to his
      SEXUAL DIFFICULTIES. I seem to recall someone mentioned that Keith Olbermann has a terribly tiny and under-developed micro-phallu … errr … perhaps I shouldn’t.

    • The Libertarian Atheist
      Posted on December 5, 2010 at 10:10pm

      Dean Martin was correct. It’s always better when you pay for it.

